CVE-2011-0159: Input Validation
First published: Fri Mar 11 2011(Updated: )
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iPhone OS | =4.1 | |
| iPhone OS | =4.2 | |
| iPhone OS | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-0159?
CVE-2011-0159 is considered a moderate severity vulnerability due to the potential for remote tracking of users.
How do I fix CVE-2011-0159?
To mitigate CVE-2011-0159, users should update their iOS devices to version 4.3 or later.
What does CVE-2011-0159 affect?
CVE-2011-0159 affects the Safari Settings feature in Apple iOS versions 4.0, 4.1, and 4.2.
How does CVE-2011-0159 impact user privacy?
CVE-2011-0159 may lead to unauthorized tracking of users by allowing remote web servers to set and retain cookies.
Is CVE-2011-0159 still a concern for recent iOS versions?
CVE-2011-0159 is not a concern for devices running iOS 4.3 or newer, as the vulnerability has been addressed.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/apple
- canonical/iphone os
- version/iphone os/4.1
- version/iphone os/4.2
- version/iphone os/4.0